Centralized Authentication for Granting Access to Online Services

1. An authentication method comprising: accessing, with a processor, an identification code included in an authentication request received from an online service for authentication information associated with a first device, the identification code previously assigned to provide valid identification of the first device during a first time interval; in response to determining the identification code is valid and a profile selected based on the identification code and associated with the first device permits the online service to access the authentication information, sending an authentication prompt to the device; receiving an access code from the device in response to the authentication prompt; evaluating the activity information associated with the first device and the access code based on the profile to determine the authentication information; and transmitting the authentication information to the online service.

2. The method of claim 1 , wherein the evaluating of the activity information further includes: accessing mobility information specified for the first device in the profile; determining a location of the first device from the activity information; providing a first authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device corresponds to a location specified in the profile; and providing a second authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device does not correspond to the location specified in the profile.

3. The method of claim 2 , wherein the profile specifies that the first device is associated with a first user, and further including: when the mobility information specifies that the first device is mobile, determining, based on the location of the first device, whether the first device is co-located with a second device associated with the first user; providing the first authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to be co-located with the second device; and providing the second authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to not be co-located with the second device.

4. The method of claim 2 , wherein the first authentication status indicates a higher level of authentication certainty than the second authentication status.

5. The method of claim 1 , further including: receiving an identification code request from a gateway providing network access to the first device prior to receiving the authentication request from the online service; in response to the identification code request, determining the identification code and transmitting the identification code to the gateway; and in response to the authentication request, using the identification code to select the profile associated with the first device.

6. The method of claim 1 , further including: receiving profile information associated with the first device from a gateway providing network access to the first device; storing the profile information in the profile associated with the first device; and when authorized by the profile information, storing billing information associated with a location of the gateway in the profile associated with the first device.

7. The method of claim 1 , further including: in response to determining the profile associated with the first device does not permit the online service to access the authentication information, sending an authentication response to the online service indicating the online service is not permitted to access the authentication information; after sending the authentication response, receiving a permission request from the online service requesting permission to access the authentication information; and in response to the permission request, sending a profile update request to the first device to obtain updated profile information specifying whether the online service is permitted to access the authentication information.

8. A non-transitory computer readable medium comprising computer readable instructions which, when executed, cause a processor to perform operations comprising: accessing an identification code included in an authentication request received from an online service for authentication information associated with a first device, the identification code previously assigned to provide valid identification of the first device during a first time interval; in response to determining the identification code is valid and a profile selected based on the identification code and associated with the first device permits the online service to access the authentication information, sending an authentication prompt to the device; receiving an access code from the device in response to the authentication prompt; evaluating the activity information associated with the first device and the access code based on the profile to determine the authentication information; and transmitting the authentication information to the online service.

9. The non-transitory computer readable medium of claim 8 , wherein the evaluating of the activity information further includes: accessing mobility information specified for the first device in the profile; determining a location of the first device from the activity information; providing a first authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device corresponds to a location specified in the profile; and providing a second authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device does not correspond to the location specified in the profile.

10. The non-transitory computer readable medium of claim 9 , wherein the profile specifies that the first device is associated with a first user, and the operations further include: when the mobility information specifies that the first device is mobile, determining, based on the location of the first device, whether the first device is co-located with a second device associated with the first user; providing the first authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to be co-located with the second device; and providing the second authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to not be co-located with the second device.

11. The non-transitory computer readable medium of claim 8 , wherein the operations further include: receiving an identification code request from a gateway providing network access to the first device prior to receiving the authentication request from the online service; in response to the identification code request, determining the identification code and transmitting the identification code to the gateway; and in response to the authentication request, using the identification code to select the profile associated with the first device.

12. The non-transitory computer readable medium of claim 8 , wherein the operations further include: in response to determining the profile associated with the first device does not permit the online service to access the authentication information, sending an authentication response to the online service indicating the online service is not permitted to access the authentication information; after sending the authentication response, receiving a permission request from the online service requesting permission to access the authentication information; and in response to the permission request, sending a profile update request to the first device to obtain updated profile information specifying whether the online service is permitted to access the authentication information.

13. An apparatus to perform authentication, the apparatus comprising: memory including computer readable instructions; and a processor to execute the instructions to perform operations including: accessing an identification code included in an authentication request received from an online service for authentication information associated with a first device, the identification code previously assigned to provide valid identification of the first device during a first time interval; in response to determining the identification code is valid and a profile selected based on the identification code and associated with the first device permits the online service to access the authentication information, sending an authentication prompt to the device; receiving an access code from the device in response to the authentication prompt; evaluating the activity information associated with the first device and the access code based on the profile to determine the authentication information, and transmitting the authentication information to the online service.

14. The apparatus of claim 13 , wherein the evaluating of the activity information further includes: accessing mobility information specified for the first device in the profile; determining a location of the first device from the activity information; providing a first authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device corresponds to a location specified in the profile; and providing a second authentication status in the authentication information when the mobility information specifies that the first device is not mobile and the location of the first device does not correspond to the location specified in the profile.

15. The apparatus of claim 14 , wherein the profile specifies that the first device is associated with a first user, and the operations further include: when the mobility information specifies that the first device is mobile, determining, based on the location of the first device, whether the first device is co-located with a second device associated with the first user; providing the first authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to be co-located with the second device; and providing the second authentication status in the authentication information when the mobility information specifies that the first device is mobile and the first device is determined to not be co-located with the second device.

16. The apparatus of claim 13 , wherein the operations further include: receiving an identification code request from a gateway providing network access to the first device prior to receiving the authentication request from the online service; in response to the identification code request, determining the identification code and transmitting the identification code to the gateway; and in response to the authentication request, using the identification code to select the profile associated with the first device.

17. The apparatus of claim 13 , wherein the operations further include: in response to determining the profile associated with the first device does not permit the online service to access the authentication information, sending an authentication response to the online service indicating the online service is not permitted to access the authentication information; after sending the authentication response, receiving a permission request from the online service requesting permission to access the authentication information; and in response to the permission request, sending a profile update request to the first device to obtain updated profile information specifying whether the online service is permitted to access the authentication information.